1
2
3
4
5
6
7
8
9
10
11
12
13
|
<think>
Okay, let's see. The user is reporting a bug in QEMU's linux-user mode. The problem is that when using openat on /proc/self/exe, it returns a closed file descriptor. The description mentions that when qemu-user is executed as an interpreter with a file descriptor in AT_EXECFD, the open call returns a closed fd.
So, the key here is that the file descriptor is being closed during the initialization process of QEMU. The code path involves load_elf_binary and load_elf_image, which close the fd provided via AT_EXECFD. Then, when do_openat in syscall.c returns that same fd to the user, it's already closed. The user program then uses it, leading to issues when they try to use it again.
The steps to reproduce show a C program that opens /proc/self/exe and /dev/null, printing their fd numbers. In the environment using QEMU (like Docker on arm64 Mac), the first fd (selfexe) is 3, but since it's closed, subsequent opens might reuse it, leading to unexpected behavior.
The categories to choose from are instruction, syscall, or runtime. The issue here is related to how the syscall (open) is handled in QEMU's user mode. Specifically, the do_openat function in syscall.c is returning an fd that was already closed during the loading process. This seems to be a problem with how the syscall is implemented in QEMU, leading to incorrect fd handling.
So, the category would be "syscall" because the error is in the handling of the open syscall within QEMU's user mode. The problem isn't a runtime error in the general sense, nor is it about a specific instruction. It's about the syscall's implementation returning an invalid fd.
</think>
syscall
|